Category Archives: DHCPatriot

DHCPatriot 7.0.0 Enters Beta

DHCPatriot 7.0.0 has entered the beta testing phase.

Some key features of this version:

  • It is now possible to send a timezone offset other than UTC to DHCP clients
  • Customer status (active/suspended) can now be managed directly from the View Authenticated Users screen
  • The DHCPatriot web based GUI now supports LetsEncrypt
  • A Known Clients list, similar to same in DHCPv4, is now supported in DHCPv6
  • The API now supports JSON returns in addition to XML
  • Open-VM-Tools are now available on VMware DHCPatriot systems

Full patch notes available here.

If you are interested in participating in beta testing, please let us know:

By phone: 800-578-6381 option 3
By email: dhcpatriot@network1.net

FNGi COVID-19 Response

To: All FNGi Customers
Re: Coronavirus (COVID-19) Readiness/Planning

With the current uncertainties, I want you and all of our valued clients to be certain and confident that First Network Group is here to serve your needs and those of your customers. To that end, I want to update you on our status and planning.

Please know that while all things Coronavirus (COVID-19) remain fluid and subject to change, at the present time, our departments remain open on our regular 24/7 schedules, we are actively monitoring and managing your network and server infrastructure. All DHCPatriot work continues as normal in upgrades and support. As well as providing end-user technical support, call center service, and Lawful Intercepts to your customers, and we stand ready to be there for you.

We have escalated internal policies and procedures that minimize the risk of exposure to our employees and their families as we are confident that you have too. Departments that are well suited to work-at-home have already begun the transition as practicable. 

In addition and at this juncture, we have no plans to close our offices, but if the need for that arises we will also migrate all call center services to a telecommuting model. That transition should be seamless for you and your customers.

Again, we see no need for those alternate operations at this time. 

We are honored to be at your service, and as always, feel free to call or write as questions arise. 

Respectfully,
Stephen C. Walter
Founder, President & CEO

DHCPatriot 6.1.0 has entered beta testing!

We will be contacting certain DHCPatriot customers to inquire about helping us with beta testing. If anyone would like to help us beta test, please feel free to contact us and inquire about beta testing!

Email: DHCPatriot@network1.net
Phone: 800-578-6381 opt. 3

Here are the current patch notes for 6.1.0:

  1. Previously ‘Auth DHCP Config -> Exclude IP Address’ did not expose the ‘Limit Displayed Entries’ box. This made searching within the list impossible. This has been resolved. The box now appears and searching of this list is possible.
  2. Filesystem trim support is now triggered on boot in addition to once daily.
  3. Swappiness is now reduced to 5% on boot.
  4. Trim is now activated on the boot flash in model 2013-1 and newer DHCPatriot systems which contain such flash.
  5. Comma Separated Value (CSV) exporter will have commas stripped from the fields as this can obviously cause a problem for comma separated value files if there are rogue commas in the file.
  6. Performance module from the upper right has been hidden on virtual systems. This due to our inability to predict the hardware available in a virtual environment.
  7. Moderate performance bug in Usage Graphs data collection found and repaired.
  8. Disabled subnets ip counts now removed from total available IPs. Previously it made no impact on the counts of available addresses or the warnings about networks being full.
  9. Sessions will now move with a subnet if a subnet is moved to a different shared network or a different type of DHCP (such as auth -> standard). Some times in the past, a subnet would be moved. Sessions would continue. But they would disappear because they were still tied to the old shared network that wasn’t their home anymore. The sessions would show up in search sessions, but not in the counts on view address usage and the graphs. They still won’t immediately show up even now, but as they renew, the count will become correct.
  10. Preliminary support has been added for temperature monitoring. In a future release, the data will be added to SNMP output and server status web administration interface function.
  11. On certain systems, syslogd can have a tendency to not restart properly after log rotation. This seems to be limited to VMware systems. To counteract this, detection and starting of failed syslog has been implemented.
  12. A problem was fixed in the Built-in Authentication where a response couldn’t be obtained if the user was suspended. This could allow the user to stay online when they shouldn’t have been. This has been corrected.
  13. A new backend feature has been added such that authenticated devices are added and removed directly from the DHCP server. This means that a DHCP server restart is no longer required when user devices are authenticated or get suspended. This will result in greater DHCP server availability than is present prior to 6.1.0. Please note that this is a rather substantial change in operation of the DHCPatriot and as such there could be some unknown bugs present. If any are discovered, we will get a patch out as soon as possible.
  14. Standard DHCP Actions -> Known Client will now automatically translate any single quote ‘ to a back-tick ` to avoid problems with queries as the entries are used during DHCP actions.
  15. Standard DHCP Actions -> Static IP Assignment will now automatically translate any single quote ‘ to a back-tick ` to avoid problems with queries as the entries are used during DHCP actions.
  16. API: The API log messages have been enhanced. More descriptive log messages for API actions and failed logins / errors and the like are now available. These can be searched by going to System Configuration -> System Logs and selecting index for the Daemon and entering *API* in the Search Text box. In certain instances, this may impact returned error messages for the API. Please ensure that your API scripts still work after updating.
  17. API: The Known Client API calls previously did not properly restart the DHCP server when performing actions. This has been corrected.
  18. User Admin Restriction fix implemented. Previously, if you had an auth network selected but no standard, it showed you all standard networks. Also, if you had a standard network selected but no auth, it showed you all auth networks. This behavior has been corrected. Now, if you have at least one from one of the types selected but no other, all of the non-selected networks are hidden regardless of whether they are auth or standard. This makes this feature behave as was intended and per the descriptive text of the feature. Network restrictions are a convenience to hide networks which a particular administrator has no interest in (such as might be the case if multiple companies are sharing a DHCPatriot system). It is located and configured in System Configuration -> Administrators on the web administration interface.
  19. VRRP for IPv6 has been added. Set this up under System Configuration -> General Setup in box 14. The IPv6 addresses of the DHCPatriot devices as well as the VRRP address must all be in the same subnet.
  20. Corrected various spelling errors in response messages.
  21. API: The Deny MAC Address list can now be added to and removed from via a new API function. To Add:
    https://patriot.network1.net/cli/?username=apiuser&password=apipass&function=DenyMacAddress&action=ADD&mac=00:00:00:00:00:01&note=A%20TEST%20OF%20API%20DENY%20MAC%20ADD
    To Remove:
    https://patriot.network1.net/cli/?username=apiuser&password=apipass&function=DenyMacAddress&action=REMOVE&mac=00:00:00:00:00:01
  22. A new area has been added to configure permissions for the various functions available on the DHCPatriot system web administration interface. We called this Set App Permissions and it can be found under the System Configuration menu. This can be used to adjust the permission levels so that custom administrator levels can be created hiding / showing certain things to various administrator levels according to requirements.
  23. DHCPv6 Option 18 and Option 37 are now supported on the DHCPatriot system. They are only supported in the case that they are ASCII text strings (as was the case with option 82 support in DHCPv4). These options will be recorded with the DHCPv6 sessions.
  24. DHCPv6 sessions are now being recorded in the database.
  25. DHCPv6 sessions are now searchable in DHCPv6 (IPv6) -> Search Sessions. You can search by Client DUID, IP Address (which will also search delegated prefix), options 18 and 37, date/time and show only online devices. Additional parameters shown (Username and MAC Address) are not yet relevant and there for future development. The search results look similar to those available in DHCPv4.
  26. A new DHCPv4 setting has been exposed. The One Lease Per Client flag can now be toggled in System Configuration -> General Setup. This flag has always been there and is thus enabled by default. The DHCP server is instructed to allow only one IP Address per client. If a client requests a new lease, the previous lease is released. In 99% of situations this is the desired behavior. Recently, we have encountered a situation with a customer where multiple IP addresses per client is desired. Thus we have exposed this setting. If disabled, a client will be able to obtain and use multiple IP addresses simultaneously.
  27. Extra DHCP settings for DHCPv6 have been added to System Configuration -> General Setup. This works in a similar manner to the extra settings for DHCP except on DHCPv6 instead of DHCPv4.
  28. A problem was corrected where, under certain rare circumstances, stop time could be one second less than start time causing session time sent to the radius server to be -1 which resulted in session time appearing to be the largest possible positive unsigned 32 bit integer from the RADIUS server’s perspective. session time will now be adjusted to 0 in this case.
  29. View Address Usage now appears in DHCPv6 complete with the ability to click the subnet and see a list of users in the subnet. Graphs are not yet present and will appear in a future version.
  30. It is now possible to disable subnets in DHCPv6. This works much the same as it does in DHCPv4. The only difference being that Prefix delegations are dependent on a subnet, and so if a subnet is disabled, all of the prefix delegations dependent on that subnet will also show disabled in view address usage.
  31. Prefix Delegation has been split off from Dynamic Subnet allocations in DHCPv6. This allows multiple Prefix Delegation pools to be setup per subnet. Access Prefix Delegations in the DHCPv6 (IPv6) -> Prefix Delegation menu item. At time of install of 6.1.x, any prefix delegation pools that are setup with a subnet will be moved to this area.

DHCPatriot 5.5.0 has entered beta.

We will be contacting specific system owners and asking them to join our beta test period. If You would like to be a beta tester, please contact us at dhcpatriot@network1.net or 800-578-6381 opt. 3

Here are the changes in 5.5.0:

  1. API: A new API feature allows the retrieval of the entire list of users from Built-in Authentication: User Maintenance (or some sub-set thereof) from the DHCPatriot. The results can be limited by Identifier, username, static IP, simuse and status. Here is an example URL of the API call:
    https://patriot.network1.net/cli/BuiltInAuthAPI.php? function=BASearchCustomers&username=apiuser&password=apipass&identifier=Jim%20Smith&user=jsmith&staticip=1.3.5.7&simu se=3&status=Active
  2. API: A new API feature,GetNetworkConfig, provides all of the DHCP subnets in one xml return. Here is an example URL of the API call:
    https://patriot.network1.net/cli/?function=GetNetworkConfig&username=apiuser&password=apipass
  3. API: Added a new set of API calls that provide the ability to add, edit, delete and list the known client entries. This is basically an API interface that lets you perform all of the known client (Standard DHCP Actions -> Known Client) operations. See below for example API calls:
    Add: https://patriot.network1.net/cli/? function=KnownClient&username=apiuser&password=apipass&ACTION=ADD&mac=01:03:05:11:10:09&IDENT=Jose%20Aldo&TFT Pfile=some.file
    Edit: https://patriot.network1.net/cli/? function=KnownClient&username=apiuser&password=apipass&ACTION=EDIT&mac=01:03:05:11:10:45&IDENT=John%20Doe&TFT Pfile=some.other.file&id=5
    Delete: https://patriot.network1.net/cli/? function=KnownClient&username=apiuser&password=apipass&ACTION=DELETE&id=5
    List: https://patriot.network1.net/cli/? function=KnownClient&username=apiuser&password=apipass&ACTION=LIST

Continue reading

To The Great Beyond!

Happy April Fools! 😉

First Network Group, Inc. is proud to announce the next step in our near 20 year history. The First Space Network Group and its flagship the NCC-001 “Vint Cerf”.

thespaceshipToday we embark on our greatest adventure yet by bringing the internet to low earth orbit. No longer will people be plagued with limited or no access between 200 and 385 miles above the surface of the Earth.

This project has been the culmination of countless hours of work and planning (we were too busy working to actually count them). It is our fervent desire to make sure the entire world is connected and can share in the vast resource of the modern internet.

Our first launch of the Vint Cerf is scheduled for later today and will begin the ground work of floating miles of fiber optic cable encircling the planet.

Phase two will consist of the construction of node links to these fiber backbones and the creation of way stations where you can dock and connect any standard ethernet cable to the service.

Phase three will be the roll-out of our Orbital Wireless Technology Feature (oWTF) which will enable near node transmission and reception of wireless internet access with the network. This will enable less docking and maneuvering for the spacefarer on the go.

Access will be granted via our very own DHCPatriot. While widely deployed across the United States serving ISP’s of all sizes, college campuses and businesses, this will be its first venture into space.

If you are interested in joining us in the exciting adventure, or any of our other terrestrial services, please contact us to come on board!

DHCPatriot 5.3.0 has been released

Arguably the most important new feature in this build is the floating IP support implemented with Virtual Router Redundancy Protocol (VRRP). This is the last piece of the puzzle in making the DHCPatriot completely high availability.DHCPatriot logo

Previously, the router would need to be changed to force authentication traffic to one DHCPatriot device or the other in the case of outage. Using VRRP allows a third IP address to “float” between the two devices. This allows the router to be configured to force authentication traffic to this third IP address. The IP address never goes down as long as at least one DHCPatriot device is functional.

Other enhancements in this version include: Searchable Option 82 information that is stored with the sessions; Template based configuration of static address definitions in standard DHCP for quick configuration of ONT networks, for example; Optional protection of the authentication page against automated clients via a simple math problem; Checking stored credentials against the RADIUS server during an un-suspend operation; Optionally send RADIUS ALIVE (interim-update) packets upon DHCP client lease renewal; Optional RADIUS forwarding to external devices that need a RADIUS accounting stream.

Patch notes for this release:

  1. Floating IP (VRRP) implemented. It is now possible to add a third IP address to the DHCPatriot system that will float between the two devices. This IP address should be used with the captive portal page and possibly as the destination address when administrating the machine. Restrictions to using VRRP are that the DHCPatriot system devices must both be in the same subnet and the floating IP must be in that same subnet as well.
    empty_pixel
  2. Optional simple page for protecting the database from being accessed by pre-auth / unauthenticated automated clients such as Weatherbug. This page asks a simple math problem before proceeding to the actual authentication page for pre-auth users. The page has no images and no database access. Automated clients such as Weatherbug will not answer the question and proceed to the login page. Continue reading

DHCPatriot version 5.2.1 has been released

DHCPatriot logo

This is a maintenance with bug fixes only. Only DHCPatriot systems experiencing the bugs repaired in this release will receive this software. All of the fixes from this release will of course be in version 5.3.0.

Release notes:

  1. Added hardware support for the 2013-1 model of DHCPatriot system.
  2. Gave space on startup to launching programs so that they don`t all launch simultaneously. This should help with some freeze-up on startup problems.
  3. Added diagnostic software that will allow us to access hardware information in the field.
    Continue reading

DHCPatriot update 5.2.0 released!

DHCPatriot logoDHCPatriot update 5.2.0 has been released. Patch notes for this release.

  1. It is now possible to add fully qualified domain names to the DHCPatriot
  2. Force lower case usernames now works from the admin form. Previously it only worked from the customer facing authentication page.
  3. ISC DHCP version 4.2.4-P1 is now the core dhcp server. This release contains bug fixes as well as some refinements.
  4. Sticky IP notes are now possible. Notes can be included with a sticky IP assignment so that it can be remembered why it was done.
  5. Exclude IP notes are now possible. Notes can be included with an excluded IP so that it can be remembered why it was done.
    Continue reading